Swiptly
2024-12-09 10:49:59
(4 days ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-05 12:05:05
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 05 07:04:59.990842 2024] [security2:error] [pid 12981:tid 12981] [client 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96:54594] [client 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.zabdisrl.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.zabdisrl.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z1GW64gIbnwsu7BbccboXwAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
weblite
2024-11-29 16:12:14
(2 weeks ago)
LONG_RUNNING WP_XMLRPC_ABUSE
Brute-Force
Web App Attack
corthorn
2024-11-28 13:23:56
(2 weeks ago)
2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96 - - [28/Nov/2024:14:23:55 +0100] "POST /xmlrpc.php HTTP/1.1" 403 4158 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
...
Brute-Force
corthorn
2024-11-27 16:45:47
(2 weeks ago)
2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96 - - [27/Nov/2024:17:45:47 +0100] "POST /xmlrpc.php HTTP/1.1" 403 4158 "-" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/20.6.14"
...
Brute-Force
TPI-Abuse
2024-11-25 16:14:32
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 25 11:14:28.640118 2024] [security2:error] [pid 628567:tid 628567] [client 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96:41882] [client 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rodandreelpiercam.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rodandreelpiercam.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0SiZIu4lqy_SRu1M__ilgAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-25 13:36:25
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 25 08:36:19.608751 2024] [security2:error] [pid 1698897:tid 1698897] [client 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96:37004] [client 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||7bsuperfruit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "7bsuperfruit.com"] [uri "/wp-json/wp/v2/users"] [unique_id "Z0R9U-nZlf1YolI_24RmKQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
weblite
2024-11-21 03:05:53
(3 weeks ago)
LONG_RUNNING WP_XMLRPC_ABUSE
Brute-Force
Web App Attack
ipoac.nl
2024-11-18 14:50:17
(3 weeks ago)
***:443 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96 - - [18/Nov/2024:15:50:16 +0100] *** "POST /xmlrpc.php HTTP/1.1" 403 4105 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0"
Bad Web Bot
Swiptly
2024-11-13 19:18:45
(4 weeks ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack
ipoac.nl
2024-11-13 03:19:11
(1 month ago)
***:443 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96 - - [13/Nov/2024:04:19:11 +0100] *** "POST /xmlrpc.php HTTP/1.1" 403 4120 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36"
Bad Web Bot
ipoac.nl
2024-11-09 17:08:29
(1 month ago)
***:443 2a0a:4cc0:80:3bc:d826:d5ff:fe59:5c96 - - [09/Nov/2024:18:08:29 +0100] *** "POST /xmlrpc.php HTTP/1.1" 403 4119 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0"
Bad Web Bot
Anonymous
2024-11-09 15:26:03
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH